Vista Account Protection Being 'Refined'

One of the most important features shipping in Windows Vista has also become the most contentious: User Account Control. While businesses and users alike have asked for improved security, the feature's barrage of pop-up windows has left those running beta builds simply annoyed.

In response, Microsoft says changes are on the way.

User Account Control, or UAC, is designed to limit the damage malicious software can do to a machine by requiring that all users run in standard user mode and restricting administrator privileges to authorized processes. If a user wishes to install new software or change system settings, they will need to enter credentials and verify the process.

But the result has been less than smooth in Windows Vista builds released thus far. Users have encountered a seemingly endless stream of verification prompts when performing tasks as simple as deleting a shortcut. Vista Beta 2 also added a "Secure Desktop" mode, which prevents any system interaction until the UAC prompt has been answered, adding to customer frustration.

Speaking with BetaNews at TechEd 2006 in Boston, Microsoft senior product manager for Windows Vista security Russell Humphries promised UAC would be "refined" in future builds. Beta 2 made a number of changes to reduce the number of end-user prompts, he said, and an upcoming CTP build will simplify things further.

Microsoft will not, however, utilize a "sticky" verification process. Apple's Mac OS X operating system asks users to enter their password only once, and it is remembered for the rest of the time they are logged on. Humphries said this could open the door to security attacks, even if the possibility is minimal.

Secure Desktop is also here to stay, explained Humphries. Microsoft has established a "penetration testing" team to expose potential vulnerabilities in Windows Vista, and it was discovered that malicious software could be used to modify UAC prompts in extreme cases. Secure Desktop was implemented to resolve this issue.

Nonetheless, Microsoft promises it will address the feedback it has received as it prepares Windows Vista Release Candidate 1, and intends to make refinements as needed. "Security is a process," Humphries said, "not just a feature."

One change is already on the docket: deleting shared desktop shortcuts will not require UAC verification.